| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 Apr 2022 16:30:49 -0700
From: Colin Foster <colin.foster@...advantage.com>
To: linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Cc: Paolo Abeni <pabeni@...hat.com>, Jakub Kicinski <kuba@...nel.org>,
Eric Dumazet <edumazet@...gle.com>,
"David S. Miller" <davem@...emloft.net>,
Florian Fainelli <f.fainelli@...il.com>,
Vivien Didelot <vivien.didelot@...il.com>,
Andrew Lunn <andrew@...n.ch>, UNGLinuxDriver@...rochip.com,
Alexandre Belloni <alexandre.belloni@...tlin.com>,
Claudiu Manoil <claudiu.manoil@....com>,
Vladimir Oltean <vladimir.oltean@....com>
Subject: [PATCH v1 net 2/2] net: mscc: ocelot: fix possible memory conflict for vcap_props
Each instance of an ocelot struct has the ocelot_vcap_props structure being
referenced. During initialization (ocelot_init), these vcap_props are
detected and the structure contents are modified.
In the case of the standard ocelot driver, there will probably only be one
instance of struct ocelot, since it is part of the chip.
For the Felix driver, there could be multiple instances of struct ocelot.
In that scenario, the second time ocelot_init would get called, it would
corrupt what had been done in the first call because they both reference
*ocelot->vcap. Both of these instances were assigned the same memory
location.
Move this vcap_props memory to within struct ocelot, so that each instance
can modify the structure to their heart's content without corrupting other
instances.
Fixes: 2096805497e2b ("net: mscc: ocelot: automatically detect VCAP
constants")
Signed-off-by: Colin Foster <colin.foster@...advantage.com>
---
drivers/net/dsa/ocelot/felix.c | 3 +-
drivers/net/dsa/ocelot/felix.h | 2 +-
drivers/net/dsa/ocelot/felix_vsc9959.c | 2 +-
drivers/net/ethernet/mscc/ocelot_vsc7514.c | 5 ++--
include/soc/mscc/ocelot.h | 34 +++++++++++++++++++++-
include/soc/mscc/ocelot_vcap.h | 32 --------------------
6 files changed, 40 insertions(+), 38 deletions(-)
diff --git a/drivers/net/dsa/ocelot/felix.c b/drivers/net/dsa/ocelot/felix.c
index 9e28219b223d..f6a1e8e90bda 100644
--- a/drivers/net/dsa/ocelot/felix.c
+++ b/drivers/net/dsa/ocelot/felix.c
@@ -1199,7 +1199,8 @@ static int felix_init_structs(struct felix *felix, int num_phys_ports)
ocelot->stats_layout = felix->info->stats_layout;
ocelot->num_stats = felix->info->num_stats;
ocelot->num_mact_rows = felix->info->num_mact_rows;
- ocelot->vcap = felix->info->vcap;
+ memcpy(&ocelot->vcap, felix->info->vcap,
+ OCELOT_NUM_VCAP_BLOCKS * sizeof(*felix->info->vcap));
ocelot->vcap_pol.base = felix->info->vcap_pol_base;
ocelot->vcap_pol.max = felix->info->vcap_pol_max;
ocelot->vcap_pol.base2 = felix->info->vcap_pol_base2;
diff --git a/drivers/net/dsa/ocelot/felix.h b/drivers/net/dsa/ocelot/felix.h
index d6cf5e5a48c5..fb928c8bf544 100644
--- a/drivers/net/dsa/ocelot/felix.h
+++ b/drivers/net/dsa/ocelot/felix.h
@@ -27,7 +27,7 @@ struct felix_info {
unsigned int num_stats;
int num_ports;
int num_tx_queues;
- struct ocelot_vcap_props *vcap;
+ const struct ocelot_vcap_props *vcap;
u16 vcap_pol_base;
u16 vcap_pol_max;
u16 vcap_pol_base2;
diff --git a/drivers/net/dsa/ocelot/felix_vsc9959.c b/drivers/net/dsa/ocelot/felix_vsc9959.c
index a60dbedc1b1c..ddf4e8a9905c 100644
--- a/drivers/net/dsa/ocelot/felix_vsc9959.c
+++ b/drivers/net/dsa/ocelot/felix_vsc9959.c
@@ -845,7 +845,7 @@ static struct vcap_field vsc9959_vcap_is2_actions[] = {
[VCAP_IS2_ACT_HIT_CNT] = { 44, 32},
};
-static struct ocelot_vcap_props vsc9959_vcap_props[] = {
+static const struct ocelot_vcap_props vsc9959_vcap_props[] = {
[VCAP_ES0] = {
.action_type_width = 0,
.action_table = {
diff --git a/drivers/net/ethernet/mscc/ocelot_vsc7514.c b/drivers/net/ethernet/mscc/ocelot_vsc7514.c
index 12c739cb89f9..4fe51591afa8 100644
--- a/drivers/net/ethernet/mscc/ocelot_vsc7514.c
+++ b/drivers/net/ethernet/mscc/ocelot_vsc7514.c
@@ -344,7 +344,7 @@ static const struct ocelot_ops ocelot_ops = {
.netdev_to_port = ocelot_netdev_to_port,
};
-static struct ocelot_vcap_props vsc7514_vcap_props[] = {
+static const struct ocelot_vcap_props vsc7514_vcap_props[] = {
[VCAP_ES0] = {
.action_type_width = 0,
.action_table = {
@@ -638,7 +638,8 @@ static int mscc_ocelot_probe(struct platform_device *pdev)
ocelot->num_phys_ports = of_get_child_count(ports);
ocelot->num_flooding_pgids = 1;
- ocelot->vcap = vsc7514_vcap_props;
+ memcpy(&ocelot->vcap, &vsc7514_vcap_props,
+ OCELOT_NUM_VCAP_BLOCKS * sizeof(*vsc7514_vcap_props));
ocelot->vcap_pol.base = VSC7514_VCAP_POLICER_BASE;
ocelot->vcap_pol.max = VSC7514_VCAP_POLICER_MAX;
diff --git a/include/soc/mscc/ocelot.h b/include/soc/mscc/ocelot.h
index 42634183d062..b097b97993b0 100644
--- a/include/soc/mscc/ocelot.h
+++ b/include/soc/mscc/ocelot.h
@@ -525,6 +525,15 @@ enum {
VCAP_CONST_IF_CNT,
};
+enum {
+ VCAP_ES0,
+ VCAP_IS1,
+ VCAP_IS2,
+ __VCAP_COUNT,
+};
+
+#define OCELOT_NUM_VCAP_BLOCKS __VCAP_COUNT
+
enum ocelot_ptp_pins {
PTP_PIN_0,
PTP_PIN_1,
@@ -583,6 +592,29 @@ struct ocelot_vcap_block {
int count;
};
+struct ocelot_vcap_props {
+ u16 tg_width; /* Type-group width (in bits) */
+ u16 sw_count; /* Sub word count */
+ u16 entry_count; /* Entry count */
+ u16 entry_words; /* Number of entry words */
+ u16 entry_width; /* Entry width (in bits) */
+ u16 action_count; /* Action count */
+ u16 action_words; /* Number of action words */
+ u16 action_width; /* Action width (in bits) */
+ u16 action_type_width; /* Action type width (in bits) */
+ struct {
+ u16 width; /* Action type width (in bits) */
+ u16 count; /* Action type sub word count */
+ } action_table[2];
+ u16 counter_words; /* Number of counter words */
+ u16 counter_width; /* Counter width (in bits) */
+
+ enum ocelot_target target;
+
+ const struct vcap_field *keys;
+ const struct vcap_field *actions;
+};
+
struct ocelot_bridge_vlan {
u16 vid;
unsigned long portmask;
@@ -727,7 +759,7 @@ struct ocelot {
struct list_head dummy_rules;
struct ocelot_vcap_block block[3];
struct ocelot_vcap_policer vcap_pol;
- struct ocelot_vcap_props *vcap;
+ struct ocelot_vcap_props vcap[OCELOT_NUM_VCAP_BLOCKS];
struct ocelot_mirror *mirror;
struct ocelot_psfp_list psfp;
diff --git a/include/soc/mscc/ocelot_vcap.h b/include/soc/mscc/ocelot_vcap.h
index 05bd73c63675..96ca1498f722 100644
--- a/include/soc/mscc/ocelot_vcap.h
+++ b/include/soc/mscc/ocelot_vcap.h
@@ -27,38 +27,6 @@
* =================================================================
*/
-enum {
- VCAP_ES0,
- VCAP_IS1,
- VCAP_IS2,
- __VCAP_COUNT,
-};
-
-#define OCELOT_NUM_VCAP_BLOCKS __VCAP_COUNT
-
-struct ocelot_vcap_props {
- u16 tg_width; /* Type-group width (in bits) */
- u16 sw_count; /* Sub word count */
- u16 entry_count; /* Entry count */
- u16 entry_words; /* Number of entry words */
- u16 entry_width; /* Entry width (in bits) */
- u16 action_count; /* Action count */
- u16 action_words; /* Number of action words */
- u16 action_width; /* Action width (in bits) */
- u16 action_type_width; /* Action type width (in bits) */
- struct {
- u16 width; /* Action type width (in bits) */
- u16 count; /* Action type sub word count */
- } action_table[2];
- u16 counter_words; /* Number of counter words */
- u16 counter_width; /* Counter width (in bits) */
-
- enum ocelot_target target;
-
- const struct vcap_field *keys;
- const struct vcap_field *actions;
-};
-
/* VCAP Type-Group values */
#define VCAP_TG_NONE 0 /* Entry is invalid */
#define VCAP_TG_FULL 1 /* Full entry */
--
2.25.1
Powered by blists - more mailing lists